Speed limits could slow viruses

May 5/12, 2004

Despite programs designed to detect and
delete them, computer viruses and worms are using up an increasing amount
of network resources and computer user time.

Computer viruses are relatively small bits of code that attach
themselves to computer programs and propagate when a user performs an
action like opening an attachment. Computer worms are separate programs
that can spread unaided through computer networks.

Researchers from the University of New Mexico, the Santa Fe Institute,
the University of Michigan and Hewlett-Packard's HP Laboratories in England
to have found a new way to slow viruses and worms. The method, dubbed
throttling, involves limiting the number of new connections a computer
can make in a given period of time. This promises to slow the spread of
viruses and worms enough to make them easier to control and eliminate.

According to the researchers' calculations, limiting computers
to one new Web server connection per second would slow a virus like Nimda
by a factor of 400, but would not adversely affect regular traffic.

Other research has shown that scale-free networks like the Internet,
which have a few large hubs that contain many connections and many smaller
hubs that contain few connections, are particularly vulnerable to worms
and viruses, and are fairly resistant to control strategies like random
vaccination.

The researchers' method could be used in other situations as well.
Throttling is appropriate for managing an attack or cascading failure
that occurs faster than humans can respond, according to the researchers.